Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
permissions:
contents: read
id-token: write
runs-on: ${{ github.repository == 'stainless-sdks/kernel-go' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
runs-on: ${{ startsWith(github.repository, 'stainless-sdks/') && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
if: |-
github.repository == 'stainless-sdks/kernel-go' &&
(github.event_name == 'push' || github.event.pull_request.head.repo.fork) && (github.event_name != 'push' || github.event.head_commit.message != 'codegen metadata')
Expand Down Expand Up @@ -49,7 +49,7 @@ jobs:
lint:
timeout-minutes: 10
name: lint
runs-on: ${{ github.repository == 'stainless-sdks/kernel-go' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
runs-on: ${{ startsWith(github.repository, 'stainless-sdks/') && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
if: github.event_name == 'push' || github.event.pull_request.head.repo.fork

steps:
Expand All @@ -65,7 +65,7 @@ jobs:
test:
timeout-minutes: 10
name: test
runs-on: ${{ github.repository == 'stainless-sdks/kernel-go' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
runs-on: ${{ startsWith(github.repository, 'stainless-sdks/') && 'depot-ubuntu-24.04' || 'ubuntu-latest' }}
if: github.event_name == 'push' || github.event.pull_request.head.repo.fork
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
Expand Down
2 changes: 1 addition & 1 deletion .release-please-manifest.json
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
{
".": "0.79.0"
".": "0.80.0"
}
4 changes: 2 additions & 2 deletions .stats.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
configured_endpoints: 127
openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-e04362b2c82b88f4f7fb43209c764fa9fdf37fe98932e142547be43a1e99c50b.yml
openapi_spec_hash: b16e79bfd6cac36090c815a8184b9e09
openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel/kernel-a7f011596b06b94e4be1999585d4675992a5c08e13bc3943764971b78412f020.yml
openapi_spec_hash: 6c6b46659fd5220d57d5ef806986154c
config_hash: 77ee715aa17061166f9a02b264a21b8d
10 changes: 10 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,15 @@
# Changelog

## 0.80.0 (2026-07-18)

Full Changelog: [v0.79.0...v0.80.0](https://github.com/kernel/kernel-go-sdk/compare/v0.79.0...v0.80.0)

### Features

* Add example to ProxyCheckRequest.url so API reference sample shows it ([b32ed11](https://github.com/kernel/kernel-go-sdk/commit/b32ed11503054394e20e6d0b81302a4e1e1ded08))
* **managed-auth:** add TS CUA worker contract (KERNEL-1456) ([5951dfa](https://github.com/kernel/kernel-go-sdk/commit/5951dfae60dce7e60c420c758b5217fe2f96bc6a))
* **stlc:** configurable CI runner and private-production-repo support in workflow templates ([77f3c17](https://github.com/kernel/kernel-go-sdk/commit/77f3c174783e6c4e8dc227d30c0505aee46f4cfd))

## 0.79.0 (2026-07-15)

Full Changelog: [v0.78.1...v0.79.0](https://github.com/kernel/kernel-go-sdk/compare/v0.78.1...v0.79.0)
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ Or to pin the version:
<!-- x-release-please-start-version -->

```sh
go get -u 'github.com/kernel/kernel-go-sdk@v0.79.0'
go get -u 'github.com/kernel/kernel-go-sdk@v0.80.0'
```

<!-- x-release-please-end -->
Expand Down
174 changes: 170 additions & 4 deletions authconnection.go
Original file line number Diff line number Diff line change
Expand Up @@ -333,6 +333,9 @@ type ManagedAuth struct {
// "viable_plans_require_external_action", "requires_external_action",
// "requires_totp_without_secret", "requires_sms_code", "requires_email_code".
CanReauthReason ManagedAuthCanReauthReason `json:"can_reauth_reason"`
// Canonical choices awaiting selection. Prefer this over pending_sso_buttons,
// mfa_options, and sign_in_options when present.
Choices []ManagedAuthChoice `json:"choices" api:"nullable"`
// Reference to credentials for the auth connection. Use one of:
//
// - { name } for Kernel credentials
Expand All @@ -349,6 +352,9 @@ type ManagedAuth struct {
// Instructions for external action (present when
// flow_step=awaiting_external_action)
ExternalActionMessage string `json:"external_action_message" api:"nullable"`
// Canonical fields awaiting input. Prefer this over discovered_fields when
// present.
Fields []ManagedAuthField `json:"fields" api:"nullable"`
// When the current flow expires (null when no flow in progress). A flow past this
// timestamp is no longer valid and its `flow_status` will be `EXPIRED`. Clients
// may start a new login to supersede a stale `IN_PROGRESS` flow past this
Expand Down Expand Up @@ -429,11 +435,13 @@ type ManagedAuth struct {
BrowserSessionID respjson.Field
CanReauth respjson.Field
CanReauthReason respjson.Field
Choices respjson.Field
Credential respjson.Field
DiscoveredFields respjson.Field
ErrorCode respjson.Field
ErrorMessage respjson.Field
ExternalActionMessage respjson.Field
Fields respjson.Field
FlowExpiresAt respjson.Field
FlowStatus respjson.Field
FlowStep respjson.Field
Expand Down Expand Up @@ -519,6 +527,39 @@ const (
ManagedAuthCanReauthReasonRequiresEmailCode ManagedAuthCanReauthReason = "requires_email_code"
)

// Canonical auth-flow choice awaiting user selection.
type ManagedAuthChoice struct {
// Stable choice identifier for canonical submit.
ID string `json:"id" api:"required"`
// Human-readable choice label.
Label string `json:"label" api:"required"`
// Choice type.
//
// Any of "mfa_method", "sso_provider", "sign_in_method", "auth_method",
// "identifier_method", "account", "other".
Type string `json:"type" api:"required"`
// Additional context for the choice.
Description string `json:"description" api:"nullable"`
// Selector for the visible choice, when available.
ObservedSelector string `json:"observed_selector" api:"nullable"`
// JSON contains metadata for fields, check presence with [respjson.Field.Valid].
JSON struct {
ID respjson.Field
Label respjson.Field
Type respjson.Field
Description respjson.Field
ObservedSelector respjson.Field
ExtraFields map[string]respjson.Field
raw string
} `json:"-"`
}

// Returns the unmodified JSON received from the API
func (r ManagedAuthChoice) RawJSON() string { return r.JSON.raw }
func (r *ManagedAuthChoice) UnmarshalJSON(data []byte) error {
return apijson.UnmarshalRoot(data, r)
}

// Reference to credentials for the auth connection. Use one of:
//
// - { name } for Kernel credentials
Expand Down Expand Up @@ -595,6 +636,41 @@ func (r *ManagedAuthDiscoveredField) UnmarshalJSON(data []byte) error {
return apijson.UnmarshalRoot(data, r)
}

// Canonical field awaiting user input.
type ManagedAuthField struct {
// Stable field identifier for canonical submit.
ID string `json:"id" api:"required"`
// Credential reference name to store the submitted value under.
Ref string `json:"ref" api:"required"`
// Managed-auth field type.
//
// Any of "identifier", "password", "code", "totp_code", "totp_secret", "text".
Type string `json:"type" api:"required"`
// Human-readable label shown to the user.
Label string `json:"label"`
// Selector for the visible field, when available.
ObservedSelector string `json:"observed_selector" api:"nullable"`
// Whether this field is required.
Required bool `json:"required"`
// JSON contains metadata for fields, check presence with [respjson.Field.Valid].
JSON struct {
ID respjson.Field
Ref respjson.Field
Type respjson.Field
Label respjson.Field
ObservedSelector respjson.Field
Required respjson.Field
ExtraFields map[string]respjson.Field
raw string
} `json:"-"`
}

// Returns the unmodified JSON received from the API
func (r ManagedAuthField) RawJSON() string { return r.JSON.raw }
func (r *ManagedAuthField) UnmarshalJSON(data []byte) error {
return apijson.UnmarshalRoot(data, r)
}

// Current flow status (null when no flow in progress)
type ManagedAuthFlowStatus string

Expand Down Expand Up @@ -1034,11 +1110,15 @@ func (r *ManagedAuthUpdateRequestProxyParam) UnmarshalJSON(data []byte) error {
}

// Request to submit field values, click an SSO button, select an MFA method, or
// select a sign-in option. Provide exactly one of fields, sso_button_selector,
// sso_provider, mfa_option_id, or sign_in_option_id.
// select a sign-in option. Prefer canonical selected_choice_id/field_values when
// the API returns fields/choices; legacy
// fields/sso_button_selector/sso_provider/mfa_option_id/sign_in_option_id remain
// supported during deprecation.
type SubmitFieldsRequestParam struct {
// The MFA method type to select (when mfa_options were returned)
MfaOptionID param.Opt[string] `json:"mfa_option_id,omitzero"`
// Canonical choice ID selected by the user.
SelectedChoiceID param.Opt[string] `json:"selected_choice_id,omitzero"`
// The sign-in option ID to select (when sign_in_options were returned)
SignInOptionID param.Opt[string] `json:"sign_in_option_id,omitzero"`
// XPath selector for the SSO button to click (ODA). Use sso_provider instead for
Expand All @@ -1047,6 +1127,8 @@ type SubmitFieldsRequestParam struct {
// SSO provider to click, matching the provider field from pending_sso_buttons
// (e.g., "google", "github"). Cannot be used with sso_button_selector.
SSOProvider param.Opt[string] `json:"sso_provider,omitzero"`
// Canonical map of field ID to submitted value.
FieldValues map[string]string `json:"field_values,omitzero"`
// Map of field name to value
Fields map[string]string `json:"fields,omitzero"`
paramObj
Expand Down Expand Up @@ -1095,6 +1177,8 @@ type AuthConnectionFollowResponseUnion struct {
FlowStep string `json:"flow_step"`
Timestamp time.Time `json:"timestamp"`
// This field is from variant [AuthConnectionFollowResponseManagedAuthState].
Choices []AuthConnectionFollowResponseManagedAuthStateChoice `json:"choices"`
// This field is from variant [AuthConnectionFollowResponseManagedAuthState].
DiscoveredFields []AuthConnectionFollowResponseManagedAuthStateDiscoveredField `json:"discovered_fields"`
// This field is from variant [AuthConnectionFollowResponseManagedAuthState].
ErrorCode string `json:"error_code"`
Expand All @@ -1103,6 +1187,8 @@ type AuthConnectionFollowResponseUnion struct {
// This field is from variant [AuthConnectionFollowResponseManagedAuthState].
ExternalActionMessage string `json:"external_action_message"`
// This field is from variant [AuthConnectionFollowResponseManagedAuthState].
Fields []AuthConnectionFollowResponseManagedAuthStateField `json:"fields"`
// This field is from variant [AuthConnectionFollowResponseManagedAuthState].
FlowType string `json:"flow_type"`
// This field is from variant [AuthConnectionFollowResponseManagedAuthState].
HostedURL string `json:"hosted_url"`
Expand All @@ -1125,10 +1211,12 @@ type AuthConnectionFollowResponseUnion struct {
FlowStatus respjson.Field
FlowStep respjson.Field
Timestamp respjson.Field
Choices respjson.Field
DiscoveredFields respjson.Field
ErrorCode respjson.Field
ErrorMessage respjson.Field
ExternalActionMessage respjson.Field
Fields respjson.Field
FlowType respjson.Field
HostedURL respjson.Field
LiveViewURL respjson.Field
Expand Down Expand Up @@ -1209,6 +1297,9 @@ type AuthConnectionFollowResponseManagedAuthState struct {
FlowStep string `json:"flow_step" api:"required"`
// Time the state was reported.
Timestamp time.Time `json:"timestamp" api:"required" format:"date-time"`
// Canonical choices awaiting selection. Prefer this over pending_sso_buttons,
// mfa_options, and sign_in_options when present.
Choices []AuthConnectionFollowResponseManagedAuthStateChoice `json:"choices"`
// Fields awaiting input (present when flow_step=AWAITING_INPUT; may also be
// present with AWAITING_EXTERNAL_ACTION as fallback actions).
DiscoveredFields []AuthConnectionFollowResponseManagedAuthStateDiscoveredField `json:"discovered_fields"`
Expand All @@ -1219,6 +1310,9 @@ type AuthConnectionFollowResponseManagedAuthState struct {
// Instructions for external action (present when
// flow_step=AWAITING_EXTERNAL_ACTION).
ExternalActionMessage string `json:"external_action_message"`
// Canonical fields awaiting input. Prefer this over discovered_fields when
// present.
Fields []AuthConnectionFollowResponseManagedAuthStateField `json:"fields"`
// Type of the current flow.
//
// Any of "LOGIN", "REAUTH".
Expand Down Expand Up @@ -1248,10 +1342,12 @@ type AuthConnectionFollowResponseManagedAuthState struct {
FlowStatus respjson.Field
FlowStep respjson.Field
Timestamp respjson.Field
Choices respjson.Field
DiscoveredFields respjson.Field
ErrorCode respjson.Field
ErrorMessage respjson.Field
ExternalActionMessage respjson.Field
Fields respjson.Field
FlowType respjson.Field
HostedURL respjson.Field
LiveViewURL respjson.Field
Expand All @@ -1271,6 +1367,39 @@ func (r *AuthConnectionFollowResponseManagedAuthState) UnmarshalJSON(data []byte
return apijson.UnmarshalRoot(data, r)
}

// Canonical auth-flow choice awaiting user selection.
type AuthConnectionFollowResponseManagedAuthStateChoice struct {
// Stable choice identifier for canonical submit.
ID string `json:"id" api:"required"`
// Human-readable choice label.
Label string `json:"label" api:"required"`
// Choice type.
//
// Any of "mfa_method", "sso_provider", "sign_in_method", "auth_method",
// "identifier_method", "account", "other".
Type string `json:"type" api:"required"`
// Additional context for the choice.
Description string `json:"description" api:"nullable"`
// Selector for the visible choice, when available.
ObservedSelector string `json:"observed_selector" api:"nullable"`
// JSON contains metadata for fields, check presence with [respjson.Field.Valid].
JSON struct {
ID respjson.Field
Label respjson.Field
Type respjson.Field
Description respjson.Field
ObservedSelector respjson.Field
ExtraFields map[string]respjson.Field
raw string
} `json:"-"`
}

// Returns the unmodified JSON received from the API
func (r AuthConnectionFollowResponseManagedAuthStateChoice) RawJSON() string { return r.JSON.raw }
func (r *AuthConnectionFollowResponseManagedAuthStateChoice) UnmarshalJSON(data []byte) error {
return apijson.UnmarshalRoot(data, r)
}

// A discovered form field
type AuthConnectionFollowResponseManagedAuthStateDiscoveredField struct {
// Field label
Expand Down Expand Up @@ -1318,6 +1447,41 @@ func (r *AuthConnectionFollowResponseManagedAuthStateDiscoveredField) UnmarshalJ
return apijson.UnmarshalRoot(data, r)
}

// Canonical field awaiting user input.
type AuthConnectionFollowResponseManagedAuthStateField struct {
// Stable field identifier for canonical submit.
ID string `json:"id" api:"required"`
// Credential reference name to store the submitted value under.
Ref string `json:"ref" api:"required"`
// Managed-auth field type.
//
// Any of "identifier", "password", "code", "totp_code", "totp_secret", "text".
Type string `json:"type" api:"required"`
// Human-readable label shown to the user.
Label string `json:"label"`
// Selector for the visible field, when available.
ObservedSelector string `json:"observed_selector" api:"nullable"`
// Whether this field is required.
Required bool `json:"required"`
// JSON contains metadata for fields, check presence with [respjson.Field.Valid].
JSON struct {
ID respjson.Field
Ref respjson.Field
Type respjson.Field
Label respjson.Field
ObservedSelector respjson.Field
Required respjson.Field
ExtraFields map[string]respjson.Field
raw string
} `json:"-"`
}

// Returns the unmodified JSON received from the API
func (r AuthConnectionFollowResponseManagedAuthStateField) RawJSON() string { return r.JSON.raw }
func (r *AuthConnectionFollowResponseManagedAuthStateField) UnmarshalJSON(data []byte) error {
return apijson.UnmarshalRoot(data, r)
}

// An MFA method option for verification
type AuthConnectionFollowResponseManagedAuthStateMfaOption struct {
// The visible option text
Expand Down Expand Up @@ -1491,8 +1655,10 @@ func (r *AuthConnectionLoginParamsProxy) UnmarshalJSON(data []byte) error {

type AuthConnectionSubmitParams struct {
// Request to submit field values, click an SSO button, select an MFA method, or
// select a sign-in option. Provide exactly one of fields, sso_button_selector,
// sso_provider, mfa_option_id, or sign_in_option_id.
// select a sign-in option. Prefer canonical selected_choice_id/field_values when
// the API returns fields/choices; legacy
// fields/sso_button_selector/sso_provider/mfa_option_id/sign_in_option_id remain
// supported during deprecation.
SubmitFieldsRequest SubmitFieldsRequestParam
paramObj
}
Expand Down
5 changes: 5 additions & 0 deletions authconnection_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -231,11 +231,16 @@ func TestAuthConnectionSubmitWithOptionalParams(t *testing.T) {
"id",
kernel.AuthConnectionSubmitParams{
SubmitFieldsRequest: kernel.SubmitFieldsRequestParam{
FieldValues: map[string]string{
"field_email": "user@example.com",
"field_password": "secret",
},
Fields: map[string]string{
"email": "user@example.com",
"password": "secret",
},
MfaOptionID: kernel.String("sms"),
SelectedChoiceID: kernel.String("google"),
SignInOptionID: kernel.String("work-account"),
SSOButtonSelector: kernel.String("xpath=//button[contains(text(), 'Continue with Google')]"),
SSOProvider: kernel.String("google"),
Expand Down
2 changes: 1 addition & 1 deletion internal/version.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@

package internal

const PackageVersion = "0.79.0" // x-release-please-version
const PackageVersion = "0.80.0" // x-release-please-version
2 changes: 1 addition & 1 deletion proxy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ func TestProxyCheckWithOptionalParams(t *testing.T) {
context.TODO(),
"id",
kernel.ProxyCheckParams{
URL: kernel.String("url"),
URL: kernel.String("https://example.com"),
},
)
if err != nil {
Expand Down
Loading